Make sure you have installed the following commands:
- swaymsg
- jq
- slurp
- awk
Command: amixer -D pulse sset Capture 100%
Release: amixer -D pulse sset Capture 0%
Locking down a Linux machine is getting easier by the day. Recent advancements in systemd-boot have enabled a host of features to help users ensure that their machines have not been tampered with. This guide provides a walkthrough of how to turn on many of these features during installation, as well as reasoning for why certain features help improve security.
The steps laid out below draw on a wide variety of existing resources, and in places I'll point to them rather than attempt to regurgitate full explanations of the various security components. The most significant one, which I highly encourage everyone to read, is Rod Smith's site about secure boot, which is the most comprehensive and cogent explanation of UEFI, boot managers and boot loaders, and secure boot. Another incredibly useful resource is Safeboot, which encapsulates many of the setup steps below in a Debian application.
Nix can be used to build any kind of package. But here I'm just going to focus on the simple C&C++ case.
First, we have to know that the final built packages will be located inside /nix/store, which is a globally readable directory of all build inputs and build outputs of the Nix system. The emphasis is on readable, not writable: /nix/store is not meant to be modified by the user or programs, except for the Nix system utilities. This centralises the management of packages, and keeps our packages and package configuration consistent.
So what exactly are we trying to build? Our goal is to build a directory that will be located in /nix/store/*-package-version/, where * is the hash of the package. Preferably a version is also available, but some C&C++ packages don't have versions, so in that case, there's only /nix/store/*-package/.
What will be inside this directory? It follows the GNU Coding Standards descri